lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20170918195919.15860-2-ville.syrjala@linux.intel.com>
Date:   Mon, 18 Sep 2017 22:59:19 +0300
From:   Ville Syrjala <ville.syrjala@...ux.intel.com>
To:     linux-wireless@...r.kernel.org
Cc:     QCA ath9k Development <ath9k-devel@....qualcomm.com>,
        Kalle Valo <kvalo@...eaurora.org>, netdev@...r.kernel.org,
        Ville Syrjälä 
        <ville.syrjala@...ux.intel.com>
Subject: [PATCH 2/2] ath9k: Avoid a potential deadlock

From: Ville Syrjälä <ville.syrjala@...ux.intel.com>

Lockdep warns us that sc_pm_lock and cc_lock can cause a deadlock when
cc_lock is acquired by itself with interrupts enabled. Disable irqs
whenever taking cc_lock to avoid this.

[   19.094524] kworker/u2:0/5 just changed the state of lock:
[   19.094578]  (&(&sc->sc_pm_lock)->rlock){-.-...}, at: [<f836c00e>] ath_isr+0x15e/0x200 [ath9k]
[   19.094674] but this lock took another, HARDIRQ-unsafe lock in the past:
[   19.094731]  (&(&common->cc_lock)->rlock){+.-...}
[   19.094741]

               and interrupts could create inverse lock ordering between them.

[   19.094866]
               other info that might help us debug this:
[   19.094926]  Possible interrupt unsafe locking scenario:

[   19.094985]        CPU0                    CPU1
[   19.095036]        ----                    ----
[   19.095086]   lock(&(&common->cc_lock)->rlock);
[   19.095197]                                local_irq_disable();
[   19.095305]                                lock(&(&sc->sc_pm_lock)->rlock);
[   19.095423]                                lock(&(&common->cc_lock)->rlock);
[   19.095539]   <Interrupt>
[   19.095636]     lock(&(&sc->sc_pm_lock)->rlock);
[   19.095745]
                *** DEADLOCK ***

[   19.095965] 3 locks held by kworker/u2:0/5:
[   19.096067]  #0:  ("%s"wiphy_name(local->hw.wiphy)){.+.+.+}, at: [<c1067f37>] process_one_work+0x127/0x580
[   19.096260]  #1:  ((&local->dynamic_ps_enable_work)){+.+...}, at: [<c1067f37>] process_one_work+0x127/0x580
[   19.096447]  #2:  (&sc->mutex){+.+...}, at: [<f836b8b0>] ath9k_config+0x30/0x1d0 [ath9k]
[   19.096639]
               the shortest dependencies between 2nd lock and 1st lock:
[   19.096813]  -> (&(&common->cc_lock)->rlock){+.-...} ops: 38 {
[   19.096816]     HARDIRQ-ON-W at:
[   19.096816]                       __lock_acquire+0x57e/0x1260
[   19.096816]                       lock_acquire+0xb1/0x1c0
[   19.096816]                       _raw_spin_lock_bh+0x3f/0x50
[   19.096816]                       ath_chanctx_set_channel+0xb6/0x2c0 [ath9k]
[   19.096816]                       ath9k_config+0xa8/0x1d0 [ath9k]
[   19.096816]                       ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[   19.096816]                       ieee80211_do_open+0x67a/0x920 [mac80211]
[   19.096816]                       ieee80211_open+0x41/0x50 [mac80211]
[   19.096816]                       __dev_open+0xab/0x140
[   19.096816]                       __dev_change_flags+0x89/0x150
[   19.096816]                       dev_change_flags+0x28/0x60
[   19.096816]                       do_setlink+0x290/0x890
[   19.096816]                       rtnl_newlink+0x7cf/0x8e0
[   19.096816]                       rtnetlink_rcv_msg+0xbf/0x1f0
[   19.096816]                       netlink_rcv_skb+0xb9/0xe0
[   19.096816]                       rtnetlink_rcv+0x1e/0x30
[   19.096816]                       netlink_unicast+0x13a/0x2c0
[   19.096816]                       netlink_sendmsg+0x290/0x380
[   19.096816]                       ___sys_sendmsg+0x1e2/0x280
[   19.096816]                       __sys_sendmsg+0x3f/0x80
[   19.096816]                       SyS_socketcall+0x58c/0x6b0
[   19.096816]                       do_fast_syscall_32+0x96/0x1d0
[   19.096816]                       entry_SYSENTER_32+0x4c/0x7b
[   19.096816]     IN-SOFTIRQ-W at:
[   19.096816]                       __lock_acquire+0x55a/0x1260
[   19.096816]                       lock_acquire+0xb1/0x1c0
[   19.096816]                       _raw_spin_lock+0x3c/0x50
[   19.096816]                       ath_ps_full_sleep+0x24/0x70 [ath9k]
[   19.096816]                       call_timer_fn+0xa4/0x300
[   19.096816]                       run_timer_softirq+0x1b1/0x560
[   19.096816]                       __do_softirq+0xb0/0x430
[   19.096816]                       do_softirq_own_stack+0x33/0x40
[   19.096816]                       irq_exit+0xad/0xc0
[   19.096816]                       smp_apic_timer_interrupt+0x31/0x40
[   19.096816]                       apic_timer_interrupt+0x37/0x3c
[   19.096816]                       wp_page_copy+0xb8/0x580
[   19.096816]                       do_wp_page+0x64/0x420
[   19.096816]                       handle_mm_fault+0x430/0x990
[   19.096816]                       __do_page_fault+0x18b/0x430
[   19.096816]                       do_page_fault+0xb/0x10
[   19.096816]                       common_exception+0x62/0x6a
[   19.096816]     INITIAL USE at:
[   19.096816]                      __lock_acquire+0x204/0x1260
[   19.096816]                      lock_acquire+0xb1/0x1c0
[   19.096816]                      _raw_spin_lock_bh+0x3f/0x50
[   19.096816]                      ath_chanctx_set_channel+0xb6/0x2c0 [ath9k]
[   19.096816]                      ath9k_config+0xa8/0x1d0 [ath9k]
[   19.096816]                      ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[   19.096816]                      ieee80211_do_open+0x67a/0x920 [mac80211]
[   19.096816]                      ieee80211_open+0x41/0x50 [mac80211]
[   19.096816]                      __dev_open+0xab/0x140
[   19.096816]                      __dev_change_flags+0x89/0x150
[   19.096816]                      dev_change_flags+0x28/0x60
[   19.096816]                      do_setlink+0x290/0x890
[   19.096816]                      rtnl_newlink+0x7cf/0x8e0
[   19.096816]                      rtnetlink_rcv_msg+0xbf/0x1f0
[   19.096816]                      netlink_rcv_skb+0xb9/0xe0
[   19.096816]                      rtnetlink_rcv+0x1e/0x30
[   19.096816]                      netlink_unicast+0x13a/0x2c0
[   19.096816]                      netlink_sendmsg+0x290/0x380
[   19.096816]                      ___sys_sendmsg+0x1e2/0x280
[   19.096816]                      __sys_sendmsg+0x3f/0x80
[   19.096816]                      SyS_socketcall+0x58c/0x6b0
[   19.096816]                      do_fast_syscall_32+0x96/0x1d0
[   19.096816]                      entry_SYSENTER_32+0x4c/0x7b
[   19.096816]   }
[   19.096816]   ... key      at: [<f837b694>] __key.61991+0x0/0xffffc96c [ath9k]
[   19.096816]   ... acquired at:
[   19.096816]    lock_acquire+0xb1/0x1c0
[   19.096816]    _raw_spin_lock+0x3c/0x50
[   19.096816]    ath9k_ps_wakeup+0x85/0xe0 [ath9k]
[   19.096816]    ath9k_bss_info_changed+0x2a/0x1b0 [ath9k]
[   19.096816]    ieee80211_bss_info_change_notify+0xf3/0x360 [mac80211]
[   19.096816]    ieee80211_recalc_txpower+0x33/0x40 [mac80211]
[   19.096816]    ieee80211_set_tx_power+0x45/0x1d0 [mac80211]
[   19.096816]    cfg80211_wext_siwtxpower+0xd3/0x350 [cfg80211]
[   19.096816]    ioctl_standard_call+0x4e/0x400
[   19.096816]    wext_handle_ioctl+0xf4/0x190
[   19.096816]    dev_ioctl+0xb7/0x630
[   19.096816]    sock_ioctl+0x13e/0x2d0
[   19.096816]    do_vfs_ioctl+0x84/0x750
[   19.096816]    SyS_ioctl+0x34/0x60
[   19.096816]    do_fast_syscall_32+0x96/0x1d0
[   19.096816]    entry_SYSENTER_32+0x4c/0x7b

[   19.096816] -> (&(&sc->sc_pm_lock)->rlock){-.-...} ops: 597 {
[   19.096816]    IN-HARDIRQ-W at:
[   19.096816]                     __lock_acquire+0x6ae/0x1260
[   19.096816]                     lock_acquire+0xb1/0x1c0
[   19.096816]                     _raw_spin_lock_irqsave+0x45/0x60
[   19.096816]                     ath_isr+0x15e/0x200 [ath9k]
[   19.096816]                     __handle_irq_event_percpu+0x44/0x340
[   19.096816]                     handle_irq_event_percpu+0x1d/0x50
[   19.096816]                     handle_irq_event+0x32/0x60
[   19.096816]                     handle_level_irq+0x81/0x100
[   19.096816]                     handle_irq+0x9c/0xd0
[   19.096816]                     do_IRQ+0x5c/0x120
[   19.096816]                     common_interrupt+0x36/0x3c
[   19.096816]                     _raw_spin_unlock_irqrestore+0x57/0x70
[   19.096816]                     ath9k_config+0x16a/0x1d0 [ath9k]
[   19.096816]                     ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[   19.096816]                     ieee80211_dynamic_ps_enable_work+0x1c3/0x680 [mac80211]
[   19.096816]                     process_one_work+0x1d1/0x580
[   19.096816]                     worker_thread+0x31/0x380
[   19.096816]                     kthread+0xd9/0x110
[   19.096816]                     ret_from_fork+0x19/0x24
[   19.096816]    IN-SOFTIRQ-W at:
[   19.096816]                     __lock_acquire+0x55a/0x1260
[   19.096816]                     lock_acquire+0xb1/0x1c0
[   19.096816]                     _raw_spin_lock_irqsave+0x45/0x60
[   19.096816]                     ath9k_ps_wakeup+0x24/0xe0 [ath9k]
[   19.096816]                     ath9k_tasklet+0x42/0x260 [ath9k]
[   19.096816]                     tasklet_action+0x196/0x1e0
[   19.096816]                     __do_softirq+0xb0/0x430
[   19.096816]                     do_softirq_own_stack+0x33/0x40
[   19.096816]                     irq_exit+0xad/0xc0
[   19.096816]                     do_IRQ+0x65/0x120
[   19.096816]                     common_interrupt+0x36/0x3c
[   19.096816]                     get_page_from_freelist+0x20a/0x970
[   19.096816]                     __alloc_pages_nodemask+0xca/0xed0
[   19.096816]                     __get_free_pages+0x14/0x30
[   19.096816]                     pgd_alloc+0x1d/0x160
[   19.096816]                     mm_init.isra.47+0x13a/0x1b0
[   19.096816]                     copy_process.part.54+0xb55/0x1700
[   19.096816]                     _do_fork+0xd4/0x6a0
[   19.096816]                     SyS_clone+0x27/0x30
[   19.096816]                     do_fast_syscall_32+0x96/0x1d0
[   19.096816]                     entry_SYSENTER_32+0x4c/0x7b
[   19.096816]    INITIAL USE at:
[   19.096816]                    __lock_acquire+0x204/0x1260
[   19.096816]                    lock_acquire+0xb1/0x1c0
[   19.096816]                    _raw_spin_lock_irqsave+0x45/0x60
[   19.096816]                    ath9k_ps_wakeup+0x24/0xe0 [ath9k]
[   19.096816]                    ath9k_start+0x29/0x1f0 [ath9k]
[   19.096816]                    drv_start+0x71/0x270 [mac80211]
[   19.096816]                    ieee80211_do_open+0x31f/0x920 [mac80211]
[   19.096816]                    ieee80211_open+0x41/0x50 [mac80211]
[   19.096816]                    __dev_open+0xab/0x140
[   19.096816]                    __dev_change_flags+0x89/0x150
[   19.096816]                    dev_change_flags+0x28/0x60
[   19.096816]                    do_setlink+0x290/0x890
[   19.096816]                    rtnl_newlink+0x7cf/0x8e0
[   19.096816]                    rtnetlink_rcv_msg+0xbf/0x1f0
[   19.096816]                    netlink_rcv_skb+0xb9/0xe0
[   19.096816]                    rtnetlink_rcv+0x1e/0x30
[   19.096816]                    netlink_unicast+0x13a/0x2c0
[   19.096816]                    netlink_sendmsg+0x290/0x380
[   19.096816]                    ___sys_sendmsg+0x1e2/0x280
[   19.096816]                    __sys_sendmsg+0x3f/0x80
[   19.096816]                    SyS_socketcall+0x58c/0x6b0
[   19.096816]                    do_fast_syscall_32+0x96/0x1d0
[   19.096816]                    entry_SYSENTER_32+0x4c/0x7b
[   19.096816]  }
[   19.096816]  ... key      at: [<f837b67c>] __key.61994+0x0/0xffffc984 [ath9k]
[   19.096816]  ... acquired at:
[   19.096816]    check_usage_forwards+0x118/0x120
[   19.096816]    mark_lock+0x2e4/0x590
[   19.096816]    __lock_acquire+0x6ae/0x1260
[   19.096816]    lock_acquire+0xb1/0x1c0
[   19.096816]    _raw_spin_lock_irqsave+0x45/0x60
[   19.096816]    ath_isr+0x15e/0x200 [ath9k]
[   19.096816]    __handle_irq_event_percpu+0x44/0x340
[   19.096816]    handle_irq_event_percpu+0x1d/0x50
[   19.096816]    handle_irq_event+0x32/0x60
[   19.096816]    handle_level_irq+0x81/0x100
[   19.096816]    handle_irq+0x9c/0xd0
[   19.096816]    do_IRQ+0x5c/0x120
[   19.096816]    common_interrupt+0x36/0x3c
[   19.096816]    _raw_spin_unlock_irqrestore+0x57/0x70
[   19.096816]    ath9k_config+0x16a/0x1d0 [ath9k]
[   19.096816]    ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[   19.096816]    ieee80211_dynamic_ps_enable_work+0x1c3/0x680 [mac80211]
[   19.096816]    process_one_work+0x1d1/0x580
[   19.096816]    worker_thread+0x31/0x380
[   19.096816]    kthread+0xd9/0x110
[   19.096816]    ret_from_fork+0x19/0x24

[   19.096816]
               stack backtrace:
[   19.096816] CPU: 0 PID: 5 Comm: kworker/u2:0 Not tainted 4.13.0-mgm-ovl+ #51
[   19.096816] Hardware name: FUJITSU SIEMENS LIFEBOOK S6120/FJNB16C, BIOS Version 1.26  05/10/2004
[   19.096816] Workqueue: phy0 ieee80211_dynamic_ps_enable_work [mac80211]
[   19.096816] Call Trace:
[   19.096816]  <IRQ>
[   19.096816]  dump_stack+0x16/0x19
[   19.096816]  print_irq_inversion_bug.part.37+0x16c/0x179
[   19.096816]  check_usage_forwards+0x118/0x120
[   19.096816]  ? ret_from_fork+0x19/0x24
[   19.096816]  ? print_shortest_lock_dependencies+0x1a0/0x1a0
[   19.096816]  mark_lock+0x2e4/0x590
[   19.096816]  ? print_shortest_lock_dependencies+0x1a0/0x1a0
[   19.096816]  __lock_acquire+0x6ae/0x1260
[   19.096816]  lock_acquire+0xb1/0x1c0
[   19.096816]  ? ath_isr+0x15e/0x200 [ath9k]
[   19.096816]  _raw_spin_lock_irqsave+0x45/0x60
[   19.096816]  ? ath_isr+0x15e/0x200 [ath9k]
[   19.096816]  ath_isr+0x15e/0x200 [ath9k]
[   19.096816]  __handle_irq_event_percpu+0x44/0x340
[   19.096816]  handle_irq_event_percpu+0x1d/0x50
[   19.096816]  handle_irq_event+0x32/0x60
[   19.096816]  ? handle_nested_irq+0x100/0x100
[   19.096816]  handle_level_irq+0x81/0x100
[   19.096816]  handle_irq+0x9c/0xd0
[   19.096816]  </IRQ>
[   19.096816]  do_IRQ+0x5c/0x120
[   19.096816]  common_interrupt+0x36/0x3c
[   19.096816] EIP: _raw_spin_unlock_irqrestore+0x57/0x70
[   19.096816] EFLAGS: 00000286 CPU: 0
[   19.096816] EAX: f60a3600 EBX: 00000286 ECX: 00000006 EDX: 00000001
[   19.096816] ESI: f46c9e68 EDI: f46c8620 EBP: f60b5e8c ESP: f60b5e84
[   19.096816]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[   19.096816]  ath9k_config+0x16a/0x1d0 [ath9k]
[   19.096816]  ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[   19.096816]  ? ieee80211_hw_config+0x1db/0x5f0 [mac80211]
[   19.096816]  ieee80211_dynamic_ps_enable_work+0x1c3/0x680 [mac80211]
[   19.096816]  ? process_one_work+0x127/0x580
[   19.096816]  ? process_one_work+0x127/0x580
[   19.096816]  process_one_work+0x1d1/0x580
[   19.096816]  ? process_one_work+0x127/0x580
[   19.096816]  worker_thread+0x31/0x380
[   19.096816]  kthread+0xd9/0x110
[   19.096816]  ? process_one_work+0x580/0x580
[   19.096816]  ? kthread_create_on_node+0x30/0x30
[   19.096816]  ret_from_fork+0x19/0x24

Cc: QCA ath9k Development <ath9k-devel@....qualcomm.com>
Cc: Kalle Valo <kvalo@...eaurora.org>
Cc: netdev@...r.kernel.org
Signed-off-by: Ville Syrjälä <ville.syrjala@...ux.intel.com>
---
 drivers/net/wireless/ath/ath9k/channel.c |  5 +++--
 drivers/net/wireless/ath/ath9k/link.c    |  4 ++--
 drivers/net/wireless/ath/ath9k/main.c    | 16 +++++++++-------
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/drivers/net/wireless/ath/ath9k/channel.c b/drivers/net/wireless/ath/ath9k/channel.c
index f0439f2d566b..fad020aa222e 100644
--- a/drivers/net/wireless/ath/ath9k/channel.c
+++ b/drivers/net/wireless/ath/ath9k/channel.c
@@ -29,6 +29,7 @@ static int ath_set_channel(struct ath_softc *sc)
 	struct cfg80211_chan_def *chandef = &sc->cur_chan->chandef;
 	struct ieee80211_channel *chan = chandef->chan;
 	int pos = chan->hw_value;
+	unsigned long flags;
 	int old_pos = -1;
 	int r;
 
@@ -42,9 +43,9 @@ static int ath_set_channel(struct ath_softc *sc)
 		chan->center_freq, chandef->width);
 
 	/* update survey stats for the old channel before switching */
-	spin_lock_bh(&common->cc_lock);
+	spin_lock_irqsave(&common->cc_lock, flags);
 	ath_update_survey_stats(sc);
-	spin_unlock_bh(&common->cc_lock);
+	spin_unlock_irqrestore(&common->cc_lock, flags);
 
 	ath9k_cmn_get_channel(hw, ah, chandef);
 
diff --git a/drivers/net/wireless/ath/ath9k/link.c b/drivers/net/wireless/ath/ath9k/link.c
index 27c50562dc47..3f4f01c829f0 100644
--- a/drivers/net/wireless/ath/ath9k/link.c
+++ b/drivers/net/wireless/ath/ath9k/link.c
@@ -367,10 +367,10 @@ void ath_ani_calibrate(unsigned long data)
 
 	/* Call ANI routine if necessary */
 	if (aniflag) {
-		spin_lock(&common->cc_lock);
+		spin_lock_irqsave(&common->cc_lock, flags);
 		ath9k_hw_ani_monitor(ah, ah->curchan);
 		ath_update_survey_stats(sc);
-		spin_unlock(&common->cc_lock);
+		spin_unlock_irqrestore(&common->cc_lock, flags);
 	}
 
 	/* Perform calibration if necessary */
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index 8b4ac7f0a09b..ebb7e0f63279 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -97,11 +97,12 @@ void ath_ps_full_sleep(unsigned long data)
 {
 	struct ath_softc *sc = (struct ath_softc *) data;
 	struct ath_common *common = ath9k_hw_common(sc->sc_ah);
+	unsigned long flags;
 	bool reset;
 
-	spin_lock(&common->cc_lock);
+	spin_lock_irqsave(&common->cc_lock, flags);
 	ath_hw_cycle_counters_update(common);
-	spin_unlock(&common->cc_lock);
+	spin_unlock_irqrestore(&common->cc_lock, flags);
 
 	ath9k_hw_setrxabort(sc->sc_ah, 1);
 	ath9k_hw_stopdmarecv(sc->sc_ah, &reset);
@@ -394,10 +395,10 @@ void ath9k_tasklet(unsigned long data)
 
 	if ((ah->config.hw_hang_checks & HW_BB_WATCHDOG) &&
 	    (status & ATH9K_INT_BB_WATCHDOG)) {
-		spin_lock(&common->cc_lock);
+		spin_lock_irqsave(&common->cc_lock, flags);
 		ath_hw_cycle_counters_update(common);
 		ar9003_hw_bb_watchdog_dbg_info(ah);
-		spin_unlock(&common->cc_lock);
+		spin_unlock_irqrestore(&common->cc_lock, flags);
 
 		if (ar9003_hw_bb_watchdog_check(ah)) {
 			type = RESET_TYPE_BB_WATCHDOG;
@@ -1955,12 +1956,13 @@ static int ath9k_get_survey(struct ieee80211_hw *hw, int idx,
 	struct ath_common *common = ath9k_hw_common(sc->sc_ah);
 	struct ieee80211_supported_band *sband;
 	struct ieee80211_channel *chan;
+	unsigned long flags;
 	int pos;
 
 	if (IS_ENABLED(CONFIG_ATH9K_TX99))
 		return -EOPNOTSUPP;
 
-	spin_lock_bh(&common->cc_lock);
+	spin_lock_irqsave(&common->cc_lock, flags);
 	if (idx == 0)
 		ath_update_survey_stats(sc);
 
@@ -1974,7 +1976,7 @@ static int ath9k_get_survey(struct ieee80211_hw *hw, int idx,
 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
 
 	if (!sband || idx >= sband->n_channels) {
-		spin_unlock_bh(&common->cc_lock);
+		spin_unlock_irqrestore(&common->cc_lock, flags);
 		return -ENOENT;
 	}
 
@@ -1982,7 +1984,7 @@ static int ath9k_get_survey(struct ieee80211_hw *hw, int idx,
 	pos = chan->hw_value;
 	memcpy(survey, &sc->survey[pos], sizeof(*survey));
 	survey->channel = chan;
-	spin_unlock_bh(&common->cc_lock);
+	spin_unlock_irqrestore(&common->cc_lock, flags);
 
 	return 0;
 }
-- 
2.13.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ